LDAP authentication compares user login information against the profile database on an LDAPv2-compliant directory server. After users are authenticated by the LDAP server, they are automatically logged in to Cisco Unified MeetingPlace as long as their LDAP user IDs also exist in Cisco Unified MeetingPlace. With LDAP authentication, the following restrictions apply:

Cisco Unified MeetingPlace Web Conferencing supports only unencrypted LDAP, that is, queries to the LDAP server are in clear text.

Users cannot log in with their Cisco Unified MeetingPlace passwords for their same LDAP user names.

LDAP profiles are used for authentication; Cisco Unified MeetingPlace profiles are ignored.

Note: To authenticate Cisco Unified MeetingPlace Web Conferencing against the LDAP server, make sure that the LDAP server directory is designed to have all users in one container rather than broken into multiple containers (each representing a child OU).

You can only enter one value for the LDAP Distinguished Name (DN) field in the Web Conferencing directory configuration. If your users are segregated into multiple organizational units (OUs), you can work around this issue by using either the DOMAIN\USER or user@ou.domain.com format for the DN. When configuring the LDAP Distinguished Name field in Web Conferencing, enter just %USERNAME%, without specifying an OU, DC, or other parameter.

Instead of entering %USERNAME%, leave the DN field blank if you are authenticating against a multiple LDAP forest configuration.

Example

CN= %USERNAME% , OU=People, DC=mydomain, DC=com

If the LDAP server that is being used is the LDAP interface on a Microsoft Active Directory server, leave the DN field blank (empty) for authentication to work. When configured in this manner, the format of the usernames that the user enters must be DOMAIN\USER or user@ou.domain.com.

%USERNAME% is the username that the user enters when logging in.

Before sending the request to the LDAP server %USERNAME% is replaced with the username that the user enters in the login username field. No additional modifications are made to the DN value.